Regulations and rules are not usually at the top of a startup founder’s mind when they wake up in the morning. Instead, they’re typically – and rightfully – thinking about product, engineering, pricing, strategy, fundraising etc. And yet, lack of attention to, or even awareness of, a raft of mundane yet critical regulatory items can be just as fatal to a startup’s success as a bad product or dearth of funding.
Broadly speaking, compliance for startups means following the rules. Some of these rules are obvious – founders usually know tax returns need to be filed every year. Virtually all of them are bureaucratic, but many are also complex and need involvement by specialists. Worse, many end up missed for months or even years because the founding team was blissfully unaware of them. In our work with hundreds of venture-backed startups over the years, we’ve learned compliance-related issues usually show up in the same six areas.
1. Sales Tax
It’s not a question of IF you’ll have to deal with sales tax, it’s a question of when. The minute your startup turns revenue positive, you need to understand your sales tax obligations. It is vastly preferable to set up sales tax when you’re just getting going than waiting for some state to start sending you penalty notices. This is one of those areas where it pays to let pros handle the details – no CEO can or should spend the time to track all the different and changing definitions and rules of all the states. Decide when revenue looks likely, and get with your tax team beforehand so they can map out if/when your product will be taxable, and where. Note: startups that rely on the Stripes of this world to “handle” their sales tax obligations need to verify *exactly* what is getting collected, remitted and filed, when, and by whom. Ultimately, the CEO of a startup is responsible for the proper collection and remittance of sales tax – and note that like unpaid payroll withholdings, sales & use is a trust tax, meaning it pierces the corporate veil; uncollected/unpaid obligations can become the personal obligation of a CEO.
2. Hiring and Firing
Most early-stage startups think they don’t need bona-fide HR competencies until they’re larger. Instead, they dedicate capital to engineering talent and maybe marketing resources. This is a mistake. Startups often hire very badly, meaning their process is often poor, undocumented, and uninformed about various offer and compensation regulations and requirements in their state. Worse, startups tend to *fire* horribly. Run by founders much more familiar with product and engineering than HR, they are woefully unprepared to let someone go in a way that is compliant with all the HR regulations (read: minefields) out there. This is particularly dangerous in tech-friendly but employee-centric states like CA and NY, where even well-intentioned founders risk significant legal issues if they don’t follow the rules when separating from an employee.
3. Retirement Benefits
Startups are often tripped up by obligations to provide retirement benefit mechanisms to employees. Whether state regulations mandate a full 401K plan or just access to a Roth IRA account, more than 30 states currently require startups with more than 2 employees to make a retirement mechanism available to their employees. Based on our experience, this is likely news to some of you (and your advisors).
4. State Registrations
State registrations have become a minefield for startups since the COVID pandemic scattered most employees to the four winds. A startup whose employees now work remotely from several states is required to register for payroll withholding in EACH of them. Moreover, disability and workers compensation insurance is typically required along with those registrations, and relying on a payroll provider like Gusto to ensure your compliance is a bad idea. It’s your company, so it’s your problem – many startups have been surprised to learn they’re delinquent in workers compensation or disability coverage because they thought whomever was running payroll was taking care of it.
5. Insurance Coverage
Speaking of insurance, we’ve said it before and we’ll say it again – the *minute* your startup takes outside capital from *anyone*, including and especially institutional investors like VCs, you incur a fiduciary duty to act in the best interest of those new shareholders/creditors. This means four distinct insurance policies become must-haves – general liability, errors & omissions, directors and officers, and cyber. We’ve written at length about startup insurance before, so won’t rehash the finer points here, but trust us that such policies are worth every penny. Ironically, they may even help prevent compliance lapses in other areas, like sales tax, from tanking the whole company.
6. Data Backup & Integrity
Few startups can afford SOC2 compliance out of the gate, but that doesn’t mean you shouldn’t take some best practices from those standards and put them in place immediately. Cloud backups, multi-factor authentication, and intentional training around phishing and invoice fraud are easy steps to implement and can help avoid disastrous events down the road (and help lower the cost of your cyber insurance policy).
What happens when a startup doesn’t take these items seriously? At first, probably nothing. Eventually, however, they will catch up with you. Many states are diligent enforcers of their indirect tax and employee-related regulations, and levy significant fines and penalties to startups that are out of compliance. Cyber risk is rampant and the more you grow, the more threatening it becomes. The stress and distraction of dealing with such problems, should they occur, is massive and tends to occur at the worst possible time. Not knowing about a regulation generally doesn’t get you off the hook for not following it, and woe be the CEO who has to inform a board that their company’s cash runway has been significantly shortened because of easily-avoided regulatory penalties.
Ultimately, lack of compliance can make it difficult or impossible to raise additional capital, will almost certainly result in big problems/holdbacks when you try to exit, and can unnecessarily cost you and your investors a boatload of money and time. Take it from us: Get your company squared away with its regulatory requirements, and keep it that way. You, and your investors, will be far bettor off for it.